react-native-nitro-net 0.2.0 → 0.3.0

package/src/https.ts

@@ -0,0 +1,127 @@
+import * as http from './http'
+import * as tls from './tls'
+import { Driver } from './Driver'
+import { Buffer } from 'react-native-nitro-buffer'
+import { IncomingMessage } from './http'
+
+// ========== Server ==========
+
+export class Server extends tls.Server {
+    private _httpConnections = new Set<any>();
+    public maxHeaderSize: number = 16384;
+    public maxRequestsPerSocket: number = 0;
+    public headersTimeout: number = 60000;
+    public requestTimeout: number = 300000;
+    public keepAliveTimeout: number = 5000;
+
+    constructor(options?: any, requestListener?: (req: http.IncomingMessage, res: http.ServerResponse) => void) {
+        if (typeof options === 'function') {
+            requestListener = options;
+            options = {};
+        }
+        super(options);
+
+        if (requestListener) {
+            this.on('request', requestListener);
+        }
+
+        // Initialize HTTP connection setup for secure connections
+        this.on('secureConnection', (socket: any) => {
+            // @ts-ignore - access internal http logic
+            (http.Server.prototype as any)._setupHttpConnection.call(this, socket);
+        });
+    }
+
+    public setTimeout(ms: number, callback?: () => void): this {
+        // @ts-ignore - access netServer via super's internal or cast
+        (this as any)._netServer.setTimeout(ms, callback);
+        return this;
+    }
+}
+
+export function createServer(options?: any, requestListener?: (req: http.IncomingMessage, res: http.ServerResponse) => void): Server {
+    return new Server(options, requestListener);
+}
+
+// ========== ClientRequest ==========
+
+export class ClientRequest extends http.ClientRequest {
+    constructor(options: any, callback?: (res: http.IncomingMessage) => void) {
+        if (typeof options === 'string') {
+            options = new URL(options);
+        }
+        if (options instanceof URL) {
+            options = {
+                protocol: options.protocol,
+                hostname: options.hostname,
+                path: options.pathname + options.search,
+                port: options.port ? parseInt(options.port) : 443
+            };
+        }
+        options.protocol = 'https:';
+        super(options, callback);
+    }
+}
+
+export function request(
+    urlOrOptions: string | URL | http.RequestOptions,
+    optionsOrCallback?: http.RequestOptions | ((res: http.IncomingMessage) => void),
+    callback?: (res: http.IncomingMessage) => void
+): ClientRequest {
+    let opts: http.RequestOptions = {};
+    let cb: ((res: http.IncomingMessage) => void) | undefined = callback;
+
+    if (typeof urlOrOptions === 'string') {
+        const url = new URL(urlOrOptions);
+        opts = {
+            protocol: url.protocol,
+            hostname: url.hostname,
+            path: url.pathname + url.search,
+            port: url.port ? parseInt(url.port) : 443
+        };
+    } else if (urlOrOptions instanceof URL) {
+        opts = {
+            protocol: urlOrOptions.protocol,
+            hostname: urlOrOptions.hostname,
+            path: urlOrOptions.pathname + urlOrOptions.search,
+            port: urlOrOptions.port ? parseInt(urlOrOptions.port) : 443
+        };
+    } else {
+        opts = { ...urlOrOptions };
+    }
+
+    if (typeof optionsOrCallback === 'function') {
+        cb = optionsOrCallback;
+    } else if (optionsOrCallback) {
+        opts = { ...opts, ...optionsOrCallback };
+    }
+
+    opts.protocol = 'https:';
+    return new ClientRequest(opts, cb);
+}
+
+export function get(
+    urlOrOptions: string | URL | http.RequestOptions,
+    optionsOrCallback?: http.RequestOptions | ((res: http.IncomingMessage) => void),
+    callback?: (res: http.IncomingMessage) => void
+): ClientRequest {
+    const req = request(urlOrOptions, optionsOrCallback, callback);
+    req.end();
+    return req;
+}
+
+// ========== Agent ==========
+
+export class Agent extends http.Agent {
+    constructor(options?: any) {
+        super(options);
+    }
+}
+
+export const globalAgent = new Agent({
+    keepAlive: true,
+    scheduling: 'lifo',
+    timeout: 5000,
+});
+
+export { IncomingMessage };

package/src/index.ts

@@ -33,16 +33,21 @@ let _autoSelectFamilyDefault = 4; // Node default is usually 4/6 independent, bu
 let _isVerbose = false;
 let _isInitialized = false;
 
-function debugLog(message: string) {
-    if (_isVerbose) {
-        console.log(`[NET DEBUG] ${message}`);
-    }
+function isVerbose(): boolean {
+    return _isVerbose;
 }
 
 function setVerbose(enabled: boolean): void {
     _isVerbose = enabled;
 }
 
+function debugLog(message: string) {
+    if (_isVerbose) {
+        const timestamp = new Date().toISOString().split('T')[1].split('Z')[0];
+        console.log(`[NET DEBUG ${timestamp}] ${message}`);
+    }
+}
+
 function getDefaultAutoSelectFamily(): number {
     return _autoSelectFamilyDefault;
 }
@@ -79,6 +84,9 @@ function ensureInitialized(): void {
  */
 function initWithConfig(config: NetConfig): void {
     _isInitialized = true;
+    if (config.debug !== undefined) {
+        setVerbose(config.debug);
+    }
     Driver.initWithConfig(config);
 }
 
@@ -89,17 +97,69 @@ function initWithConfig(config: NetConfig): void {
 // SocketAddress
 // -----------------------------------------------------------------------------
 
+export interface SocketAddressOptions {
+    address?: string;
+    family?: 'ipv4' | 'ipv6';
+    port?: number;
+    flowlabel?: number;
+}
+
 export class SocketAddress {
     readonly address: string;
     readonly family: 'ipv4' | 'ipv6';
     readonly port: number;
     readonly flowlabel: number;
 
-    constructor(options: { address: string, family?: 'ipv4' | 'ipv6', port: number, flowlabel?: number }) {
-        this.address = options.address;
-        this.family = options.family || (isIPv6(options.address) ? 'ipv6' : 'ipv4');
-        this.port = options.port;
-        this.flowlabel = options.flowlabel || 0;
+    constructor(options: SocketAddressOptions = {}) {
+        this.address = options.address ?? (options.family === 'ipv6' ? '::' : '127.0.0.1');
+        this.family = options.family || (isIPv6(this.address) ? 'ipv6' : 'ipv4');
+        this.port = options.port ?? 0;
+        this.flowlabel = options.flowlabel ?? 0;
+    }
+
+    /**
+     * Attempts to parse a string containing a socket address.
+     * Returns a SocketAddress if successful, or undefined if not.
+     * 
+     * Supported formats:
+     * - `ip:port` (e.g., `127.0.0.1:8080`, `[::1]:8080`)
+     * - `ip` only (port defaults to 0)
+     */
+    static parse(input: string): SocketAddress | undefined {
+        if (!input || typeof input !== 'string') return undefined;
+        let address: string;
+        let port = 0;
+
+        // Handle IPv6 bracket notation: [::1]:port
+        const ipv6Match = input.match(/^\[([^\]]+)\]:?(\d*)$/);
+        if (ipv6Match) {
+            address = ipv6Match[1];
+            port = ipv6Match[2] ? parseInt(ipv6Match[2], 10) : 0;
+            if (!isIPv6(address)) return undefined;
+            return new SocketAddress({ address, port, family: 'ipv6' });
+        }
+
+        // Handle IPv4 or IPv6 without brackets
+        const lastColon = input.lastIndexOf(':');
+        if (lastColon === -1) {
+            // No port, just IP
+            address = input;
+        } else {
+            // Determine if the colon is a port separator or part of IPv6
+            const potentialPort = input.slice(lastColon + 1);
+            const potentialAddr = input.slice(0, lastColon);
+            if (/^\d+$/.test(potentialPort) && (isIPv4(potentialAddr) || isIPv6(potentialAddr))) {
+                address = potentialAddr;
+                port = parseInt(potentialPort, 10);
+            } else {
+                // It's an IPv6 address without port
+                address = input;
+            }
+        }
+
+        const family = isIPv6(address) ? 'ipv6' : (isIPv4(address) ? 'ipv4' : undefined);
+        if (!family) return undefined;
+        return new SocketAddress({ address, port, family });
     }
 }
 
@@ -107,9 +167,31 @@ export class SocketAddress {
 // BlockList
 // -----------------------------------------------------------------------------
 
+export interface BlockListRule {
+    type: 'address' | 'range' | 'subnet';
+    address?: string;
+    start?: string;
+    end?: string;
+    prefix?: number;
+    family: 'ipv4' | 'ipv6';
+}
+
 export class BlockList {
     private _rules: Array<{ type: 'address' | 'range' | 'subnet', data: any }> = [];
 
+    /** Returns an array of rules added to the blocklist. */
+    get rules(): BlockListRule[] {
+        return this._rules.map(r => {
+            if (r.type === 'address') {
+                return { type: 'address' as const, address: r.data.address, family: r.data.family };
+            } else if (r.type === 'range') {
+                return { type: 'range' as const, start: r.data.start, end: r.data.end, family: r.data.family };
+            } else {
+                return { type: 'subnet' as const, address: r.data.net, prefix: r.data.prefix, family: r.data.family };
+            }
+        });
+    }
+
     addAddress(address: string, family?: 'ipv4' | 'ipv6'): void {
         this._rules.push({ type: 'address', data: { address, family: family || (isIPv6(address) ? 'ipv6' : 'ipv4') } });
     }
@@ -143,6 +225,37 @@ export class BlockList {
         }
         return false;
     }
+
+    /**
+     * Serializes the BlockList to a JSON-compatible format.
+     */
+    toJSON(): BlockListRule[] {
+        return this.rules;
+    }
+
+    /**
+     * Creates a BlockList from a JSON array of rules.
+     */
+    static fromJSON(json: BlockListRule[]): BlockList {
+        const list = new BlockList();
+        for (const rule of json) {
+            if (rule.type === 'address' && rule.address) {
+                list.addAddress(rule.address, rule.family);
+            } else if (rule.type === 'range' && rule.start && rule.end) {
+                list.addRange(rule.start, rule.end, rule.family);
+            } else if (rule.type === 'subnet' && rule.address && rule.prefix !== undefined) {
+                list.addSubnet(rule.address, rule.prefix, rule.family);
+            }
+        }
+        return list;
+    }
+
+    /**
+     * Checks if a given value is a BlockList instance.
+     */
+    static isBlockList(value: unknown): value is BlockList {
+        return value instanceof BlockList;
+    }
 }
 
 function ipv4ToLong(ip: string): number {
@@ -178,6 +291,7 @@ export class Socket extends Duplex {
     public bytesWritten: number = 0;
     public autoSelectFamilyAttemptedAddresses: string[] = [];
     private _autoSelectFamily: boolean = false;
+    private _timeout: number = 0;
 
     get localFamily(): string {
         return this.localAddress && this.localAddress.includes(':') ? 'IPv6' : 'IPv4';
@@ -203,7 +317,9 @@ export class Socket extends Duplex {
         super({
             allowHalfOpen: options?.allowHalfOpen ?? false,
             readable: options?.readable ?? true,
-            writable: options?.writable ?? true
+            writable: options?.writable ?? true,
+            // @ts-ignore
+            autoDestroy: false
         });
 
         if (options?.socketDriver) {
@@ -211,6 +327,8 @@ export class Socket extends Duplex {
             this._driver = options.socketDriver;
             this._connected = true;
             this._setupEvents();
+            // Enable noDelay by default
+            this._driver.setNoDelay(true);
             // Resume the socket since it starts paused on server-accept
             this.resume();
             // Emit connect for server-side socket? No, it's already connected.
@@ -219,8 +337,10 @@ export class Socket extends Duplex {
             ensureInitialized();
             this._driver = Driver.createSocket();
             this._setupEvents();
-            // Also resume client socket initially so it's ready to receive
-            this.resume();
+            // Enable noDelay by default to match Node.js and reduce latency for small writes
+            this._driver.setNoDelay(true);
+            // Do NOT resume here - socket is not connected yet!
+            // resume() will be called after 'connect' event in _connect()
         }
 
         this.on('finish', () => {
@@ -261,6 +381,8 @@ export class Socket extends Duplex {
                     this.connecting = false;
                     this._connected = true;
                     this._updateAddresses();
+                    // Now that we're connected, start receiving data
+                    this.resume();
                     this.emit('connect');
                     this.emit('ready');
                     break;
@@ -409,6 +531,7 @@ export class Socket extends Duplex {
             this._autoSelectFamily = true;
         }
 
+        debugLog(`Socket.connect: target=${host}:${port}, autoSelectFamily=${this._autoSelectFamily}`);
         return this._connect(port, host, connectionListener, options.signal);
     }
 
@@ -431,6 +554,7 @@ export class Socket extends Duplex {
             this.once('close', () => signal.removeEventListener('abort', abortHandler));
         }
 
+        debugLog(`Socket._connect: Calling driver.connect(${host}, ${port})`);
         this._driver?.connect(host, port);
         return this;
     }
@@ -511,6 +635,7 @@ export class Socket extends Duplex {
 
     // Standard net.Socket methods
     setTimeout(msecs: number, callback?: () => void): this {
+        this._timeout = msecs;
         if (this._driver) {
             this._driver.setTimeout(msecs);
         }
@@ -534,12 +659,13 @@ export class Socket extends Duplex {
      * Resume reading after a call to pause().
      */
     resume(): this {
-        const id = (this._driver as any)?.id;
-        debugLog(`Socket.resume() called, id: ${id}`);
+        const driver = this._driver as any;
+        const id = driver?.id;
+        debugLog(`Socket.resume() called, id: ${id === undefined ? 'none' : id}, destroyed: ${this.destroyed}`);
         super.resume();
-        if (this._driver) {
+        if (driver) {
             debugLog(`Socket.resume() calling driver.resume(), id: ${id}`);
-            this._driver.resume();
+            driver.resume();
         }
         return this;
     }
@@ -569,8 +695,8 @@ export class Socket extends Duplex {
         return this;
     }
 
-    get timeout(): number | undefined {
-        return undefined; // Not tracked strictly as a property yet
+    get timeout(): number {
+        return this._timeout;
     }
 
     get bufferSize(): number {
@@ -848,6 +974,8 @@ export function createServer(options?: any, connectionListener?: (socket: Socket
 }
 
 export * as tls from './tls'
+export * as http from './http'
+export * as https from './https'
 
 export {
     isIP,
@@ -855,6 +983,7 @@ export {
     isIPv6,
     getDefaultAutoSelectFamily,
     setDefaultAutoSelectFamily,
+    isVerbose,
     setVerbose,
     initWithConfig,
 };
@@ -876,4 +1005,6 @@ export default {
     setDefaultAutoSelectFamily,
     setVerbose,
     initWithConfig,
+    http: require('./http'),
+    https: require('./https'),
 };

package/src/tls.ts

@@ -1,7 +1,14 @@
-import { Socket, Server as NetServer, SocketOptions } from './index'
+import { Socket, Server as NetServer, SocketOptions, isVerbose } from './index'
 import { Driver } from './Driver'
 import { NetSocketDriver } from './Net.nitro'
 
+function debugLog(message: string) {
+    if (isVerbose()) {
+        const timestamp = new Date().toISOString().split('T')[1].split('Z')[0];
+        console.log(`[NET DEBUG ${timestamp}] ${message}`);
+    }
+}
+
 export interface PeerCertificate {
     subject: { [key: string]: string }
     issuer: { [key: string]: string }
@@ -26,6 +33,13 @@ export interface ConnectionOptions extends SocketOptions {
     pfx?: string | ArrayBuffer
     passphrase?: string
     keylog?: boolean // Enable keylogging (SSLKEYLOGFILE format)
+    /**
+     * Custom hostname verification function.
+     * If provided, it will be called after the TLS handshake to verify the peer certificate.
+     * Return `undefined` if valid, or an `Error` if invalid.
+     * If not provided, the default `checkServerIdentity` is used.
+     */
+    checkServerIdentity?: (hostname: string, cert: PeerCertificate) => Error | undefined
 }
 
 export interface SecureContextOptions {
@@ -179,7 +193,11 @@ export class TLSSocket extends Socket {
 
     renegotiate(options: any, callback: (err: Error | null) => void): boolean {
         if (callback) {
-            process.nextTick(() => callback(new Error('Renegotiation is not supported by rustls')));
+            setTimeout(() => {
+                const err = new Error('Renegotiation is not supported by rustls');
+                (err as any).code = 'ERR_TLS_RENEGOTIATION_DISABLED';
+                callback(err);
+            }, 0);
         }
         return false;
     }
@@ -188,6 +206,39 @@ export class TLSSocket extends Socket {
         // No-op, already effectively disabled
     }
 
+    /**
+     * Enables trace output for this socket.
+     */
+    enableTrace(): void {
+        const driver = (this as any)._driver as NetSocketDriver
+        if (driver) {
+            driver.enableTrace()
+        }
+    }
+
+    /**
+     * Exports keying material for use by external protocols.
+     * 
+     * @param length The number of bytes to return.
+     * @param label A label identifying the keying material.
+     * @param context An optional context.
+     * @returns Buffer containing keying material.
+     * @throws Error if export fails (e.g., TLS not connected).
+     */
+    exportKeyingMaterial(length: number, label: string, context?: Buffer): Buffer {
+        const driver = (this as any)._driver as NetSocketDriver
+        if (driver) {
+            const ctx = context ? new Uint8Array(context).buffer as ArrayBuffer : undefined
+            const result = driver.exportKeyingMaterial(length, label, ctx)
+            if (result) {
+                return Buffer.from(result)
+            }
+        }
+        const err = new Error('exportKeyingMaterial failed: TLS connection may not be established')
+            ; (err as any).code = 'ERR_TLS_EXPORT_KEYING_MATERIAL'
+        throw err
+    }
+
     constructor(socket: Socket, options?: ConnectionOptions)
     constructor(options: ConnectionOptions)
     constructor(socketOrOptions: Socket | ConnectionOptions, options?: ConnectionOptions) {
@@ -230,6 +281,21 @@ export class TLSSocket extends Socket {
             if (connectionListener) this.once('secureConnect', connectionListener);
 
             this.once('connect', () => {
+                // After the native TLS handshake, perform hostname verification
+                if (rejectUnauthorized !== false) {
+                    const cert = this.getPeerCertificate() as PeerCertificate;
+                    if (cert && Object.keys(cert).length > 0) {
+                        const verifyFn = (typeof options === 'object' && options.checkServerIdentity)
+                            ? options.checkServerIdentity
+                            : checkServerIdentity;
+                        const verifyErr = verifyFn(servername, cert);
+                        if (verifyErr) {
+                            this.emit('error', verifyErr);
+                            this.destroy(verifyErr);
+                            return;
+                        }
+                    }
+                }
                 this.emit('secureConnect')
             })
 
@@ -255,14 +321,18 @@ export class TLSSocket extends Socket {
 
             if (path) {
                 if (secureContextId !== undefined) {
+                    debugLog(`TLSSocket.connect: Calling driver.connectUnixTLSWithContext(${path}, ${servername}, ctx=${secureContextId})`);
                     driver.connectUnixTLSWithContext(path, servername, rejectUnauthorized, secureContextId)
                 } else {
+                    debugLog(`TLSSocket.connect: Calling driver.connectUnixTLS(${path}, ${servername})`);
                     driver.connectUnixTLS(path, servername, rejectUnauthorized)
                 }
             } else {
                 if (secureContextId !== undefined) {
+                    debugLog(`TLSSocket.connect: Calling driver.connectTLSWithContext(${host}, ${port}, ${servername}, ctx=${secureContextId})`);
                     driver.connectTLSWithContext(host, port, servername, rejectUnauthorized, secureContextId)
                 } else {
+                    debugLog(`TLSSocket.connect: Calling driver.connectTLS(${host}, ${port}, ${servername})`);
                     driver.connectTLS(host, port, servername, rejectUnauthorized)
                 }
             }
@@ -323,6 +393,9 @@ export class Server extends NetServer {
                 key: options.key,
                 ca: options.ca
             }).id;
+        } else {
+            // Create empty secure context to allow late configuration (addContext)
+            this._secureContextId = createSecureContext().id;
         }
 
         this.on('connection', (socket: Socket) => {
@@ -408,12 +481,15 @@ export class Server extends NetServer {
 
         const driver = (this as any)._driver;
 
-        if (handle || _path) {
-            console.warn("TLS over Unix sockets/handles not fully implemented yet");
+        if (_path) {
+            driver.listenTLSUnix(_path, this._secureContextId, _backlog);
+        } else if (handle) {
+            console.warn("TLS over handles not fully implemented yet");
+            driver.listenTLS(_port || 0, this._secureContextId, _backlog, ipv6Only, reusePort);
+        } else {
+            driver.listenTLS(_port || 0, this._secureContextId, _backlog, ipv6Only, reusePort);
         }
 
-        driver.listenTLS(_port || 0, this._secureContextId, _backlog, ipv6Only, reusePort);
-
         return this;
     }
 }